Panorama
*Templates
*M-100 / VMware
*Objects
*Policies / zones
*Logs

*Provides centralized configuration management.
*Provides centralized logging and reporting. Aggregates data from all managed firewalls.
*Provides centralized deployment management.
*Supports HA pair, Active/Passive only.

Administrative Roles

Dynamic Roles = Superuser (full access), Superuser (read-only), and Panorama administrator.

A Panorama administrator cannot perform these actions:
*Create, modify, or delete Admins
*Create, modify, or delete Admin Roles or Access Domains
*Export, validate, revert, save, load, or import the configuration from the Device -> Setup tab
*Configure Scheduled Config Export functionality on the Panorama tab

Admin Role Profiles - create your own role definitions. Make sure to update the profiles to explicitly assign privileges for new features/components that are added to the product. By default, access to all new components and features is disabled.
*Device Groups and Templates = allows access to device and network configuration areas
*Panorama = allows access to security policy definitions, logs, and reports on Panorama

Device Groups

Device groups manage shared Policies and Objects.
*Types of Objects:
**Server profiles (email, syslog, RADIUS, LDAP, Kerberos, SNMP), Auth profile/sequence, client cert profile, certificates, block pages
*Policy can be targeted to groups or specified firewalls.
*Pre/post-rules cannot be edited inside the firewall once pushed.

Templates manage Network and Device configurations.

Templates
*Templates are used to define common Network and Device configurations and then apply the configuration across multiple managed devices.
*Recommended that you only define the configuration parameters that are common across all the devices.
*When you change a parameter value in a template and issue a template commit, the value also changes for all the device configurations that refer to that template.
**This eliminates the need to go to each device and make a local change.

2 Methods of using templates:
#You can configure the Network and Device configuration in the template and commit to Panorama. Later you can apply the template configuration to the devices by assigning devices to the template and then committing the template to the device(s).
#You can create a template and assign the devices to the template right away, then configure the Network and Device configuration in the template, commit to Panorama, and finally commit to the device(s).

Panorama Platforms

Panorama Virtual Appliance
*Installed on a VMware server. Facilitates server consolidation for sites that need a virtual management appliance.
*Best suited for environments with fewer than 10 firewalls and log rates less than 10,000 logs/second.
*Supports integration with a Network File System (NFS) for increased storage and (>2TB) log retention capabilities.

M-100 Appliance
*A dedicated hardware appliance intended for large-scale deployments: environments with high logging rates and log retention requirements.
*Supports up to 4TB of log storage.
*Allows for separation of the central management function from the log collection function by supporting 2 deployment modes:
**Panorama mode: The appliance performs both the central management and the log collection functions. Default mode.
**Log Collection mode: Functions as a dedicated log collector; can be managed by either an M-100 appliance in Panorama mode or a Panorama Virtual Appliance.
***When deployed in this mode, the appliance does NOT have a GUI; admin access is CLI only.

How to back up Panorama
*Panorama saves a backup of every committed configuration from each device it manages.
*It saves copies of its own committed configurations.
*The system supports a method to regularly export backups to an external data store.

Managing DEVICE backups from the Web GUI:

4.0 Panorama -> Managed Devices
#Under the Backups column, click Manage.
This shows saved and committed configurations for the device.
#Click Load to restore the selected config.
#To remove a saved config, click the X button under Action.

5.0 Panorama -> Setup -> Operations
https://live.paloaltonetworks.com/docs/DOC-6129
#Click "Export Panorama and devices config bundle".
#Save the compressed file to a local disk and decompress it to access all the current device config files. Will save as an .xml

Managing PANORAMA Configuration backups from the GUI:

Panorama -> Setup -> Operations
#Click Export named Panorama Configuration snapshot or Export Panorama Configuration version under the Configuration Management section.
#Select the configuration from the configuration drop-down list in the pop-up window.
#Click OK.

Manual Export and Import of Panorama Configurations from the CLI:

 > tftp export configuration
*remote-port
*source-ip
*from
*to

 > scp export configuration
*remote-port
*source-ip
*from
*to <destination> (ex: username@host:path)

To import Panorama's configuration from the CLI:
 > tftp import configuration from <file>

To export Panorama's entire log database:
 > scp export logdb to <destination> (username@host:path)

Import a Panorama log database:
 > scp import logdb from

Panorama CLI

Check Panorama Status on the device:
 admin@PA-5050-1> show panorama-status
 panorama server 1: 10.5.68.250
 Connected: Yes
 HA state: Active
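
A firewall that has dropped its Panorama connection stops receiving pushed policy and stops feeding the centralized logs, so the status output above is worth checking across the fleet. The following is an added example, not part of the original notes: a Python parser for saved `show panorama-status` output that reports firewalls with no working Panorama connection. The function names, the second hostname and the second server address are assumptions made for illustration, as is the way the output was collected into text.

```python
import re

# Constructed sample outputs, not captured from a real device. SAMPLE_OK mirrors
# the output shown above; server 2 in SAMPLE_LOST is a hypothetical HA peer.
SAMPLE_OK = """\
panorama server 1: 10.5.68.250
    Connected: Yes
    HA state: Active
"""
SAMPLE_LOST = """\
Panorama Server 1 : 10.5.68.250
    Connected     : no
    HA state      : Active
Panorama Server 2 : 10.5.68.251
    Connected     : no
    HA state      : Passive
"""

# Matches "key: value" pairs whether the output is multi-line or flattened.
_PAIR = re.compile(r"\b(panorama server\s+\d+|connected|ha state)\s*:\s*(\S+)", re.I)

def parse_panorama_status(text):
    """Return one dict per 'panorama server N' stanza in the output."""
    servers = []
    for key, value in _PAIR.findall(text):
        key = key.lower()
        if key.startswith("panorama server"):
            servers.append({"address": value, "connected": False, "ha_state": None})
        elif servers and key == "connected":
            servers[-1]["connected"] = value.lower() == "yes"
        elif servers:
            servers[-1]["ha_state"] = value
    return servers

def findings(hostname, text):
    """List problems for one firewall; an empty list means healthy."""
    servers = parse_panorama_status(text)
    if not servers:
        return [f"{hostname}: no Panorama server found in output"]
    problems = [f"{hostname}: not connected to Panorama {s['address']}"
                for s in servers if not s["connected"]]
    if not any(s["connected"] for s in servers):
        problems.append(f"{hostname}: no Panorama connection at all")
    return problems

if __name__ == "__main__":
    for host, out in (("PA-5050-1", SAMPLE_OK), ("fw-example-2", SAMPLE_LOST)):
        print(host, findings(host, out) or "OK")
```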